|
ROSE 0.11.145.147
|
Miscellaneous supporting functions for disassembly.
Classes | |
| class | AddGhostSuccessors |
| Follow basic block ghost edges. More... | |
| class | BasicBlockSizeLimiter |
| Callback to limit basic block size. More... | |
| class | CfgGraphVizDumper |
| Produce a GraphViz file for the CFG at a certain time. More... | |
| class | Debugger |
| Convenient place to attach a debugger. More... | |
| class | HexDumper |
| Produce a hexdump at a certain time. More... | |
| class | InstructionLister |
| List some instructions at a certain time. More... | |
| class | IpRewriter |
| Callback to rewrite CFG edges. More... | |
| class | MatchThunk |
| Match thunk. More... | |
| class | PreventDiscontiguousBlocks |
| Prevent discontiguous basic blocks. More... | |
Functions | |
| std::string | canonicalFunctionName (const std::string &) |
| Convert system function names to ROSE canonical form. | |
| void | demangleFunctionNames (const PartitionerConstPtr &) |
| Demangle all function names. | |
| AddressIntervalSet | deExecuteZeros (const MemoryMapPtr &map, size_t threshold, size_t leaveAtFront=16, size_t leaveAtBack=1) |
| Remove execute permissions for zeros. | |
| void | nameStrings (const PartitionerConstPtr &, const AddressInterval &) |
| Give labels to string constants. | |
| void | nameConstants (const PartitionerConstPtr &, const AddressInterval &) |
| Gives names to constants in instructions. | |
| std::vector< FunctionPtr > | findNoopFunctions (const PartitionerConstPtr &) |
| Find functions that are no-ops. | |
| void | nameNoopFunctions (const PartitionerConstPtr &) |
| Give names to functions that are no-ops. | |
| boost::logic::tribool | isStackBasedReturn (const PartitionerConstPtr &, const BasicBlockPtr &) |
| Determine if basic block is a stack-based function return. | |
| SgAsmBlock * | buildBasicBlockAst (const PartitionerConstPtr &, const BasicBlockPtr &, const FunctionPtr &, const AstConstructionSettings &) |
| Build AST for basic block. | |
| SgAsmBlock * | buildDataBlockAst (const PartitionerConstPtr &, const DataBlockPtr &, const AstConstructionSettings &) |
| Build AST for data block. | |
| SgAsmFunction * | buildFunctionAst (const PartitionerConstPtr &, const FunctionPtr &, const AstConstructionSettings &) |
| Build AST for function. | |
| SgAsmBlock * | buildGlobalBlockAst (const PartitionerConstPtr &, const AstConstructionSettings &) |
| Builds the global block AST. | |
| SgAsmBlock * | buildAst (const PartitionerConstPtr &, SgAsmInterpretation *interp=NULL, const AstConstructionSettings &settings=AstConstructionSettings::strict()) |
| Builds an AST from the CFG. | |
| void | fixupAstPointers (SgNode *ast, SgAsmInterpretation *interp=NULL) |
| Fixes pointers in the AST. | |
| void | fixupAstCallingConventions (const PartitionerConstPtr &, SgNode *ast) |
| Fixes calling convention results. | |
| void | labelSymbolAddresses (const PartitionerPtr &, SgAsmGenericHeader *) |
| Give labels to addresses that are symbols. | |
| void | labelSymbolAddresses (const PartitionerPtr &, SgAsmInterpretation *) |
| Give labels to addresses that are symbols. | |
| std::vector< FunctionPtr > | findSymbolFunctions (const PartitionerConstPtr &, SgAsmGenericHeader *) |
| Finds functions for which symbols exist. | |
| std::vector< FunctionPtr > | findSymbolFunctions (const PartitionerConstPtr &, SgAsmInterpretation *) |
| Finds functions for which symbols exist. | |
| size_t | findSymbolFunctions (const PartitionerConstPtr &, SgAsmGenericHeader *, std::vector< FunctionPtr > &) |
| Finds functions for which symbols exist. | |
| std::string Rose::BinaryAnalysis::Partitioner2::Modules::canonicalFunctionName | ( | const std::string & | ) |
Convert system function names to ROSE canonical form.
ROSE always stores library function names as "function@library" with the reasoning that the function name is typically more important than the library name and storing them this way leads to better presentation in sorted lists. This function recognizes and converts the form "library.dll:function" and will convert "KERNEL32.dll:EncodePointer" to "EncodePointer@KERNEL32.dll"
| void Rose::BinaryAnalysis::Partitioner2::Modules::demangleFunctionNames | ( | const PartitionerConstPtr & | ) |
Demangle all function names.
Run the name demangler on all functions that have a non-empty name and no demangled name. Assign the result as each function's demangled name if it's different than the true name.
| AddressIntervalSet Rose::BinaryAnalysis::Partitioner2::Modules::deExecuteZeros | ( | const MemoryMapPtr & | map, |
| size_t | threshold, | ||
| size_t | leaveAtFront = 16, |
||
| size_t | leaveAtBack = 1 |
||
| ) |
Remove execute permissions for zeros.
Scans memory to find consecutive zero bytes and removes execute permission from them. Only occurrences of at least threshold consecutive zeros are found, and only a subset of those occurrences have their execute permission removed. Namely, whenever an interval of addresses is found that contain all zeros, the interval is narrowed by eliminating the first few bytes (leaveAtFront) and last few bytes (leaveAtBack), and execute permissions are removed for this narrowed interval.
Returns the set of addresses whose access permissions were changed, which may be slightly fewer addresses than which contain zeros due to the leaveAtFront and leaveAtBack. The set of found zeros can be recovered from the return value by iterating over the intervals in the set and inserting the leaveAtFront and leaveAtBack addresses at each end of each interval.
If threshold is zero or the leaveAtFront and leaveAtBack sum to at least threshold then nothing happens.
| void Rose::BinaryAnalysis::Partitioner2::Modules::labelSymbolAddresses | ( | const PartitionerPtr & | , |
| SgAsmGenericHeader * | |||
| ) |
Give labels to addresses that are symbols.
Scans the specified binary container and labels those virtual addresses that correspond to symbols. This function does not create any functions in the partitioner, it only gives names to certain addresses. If the same address is labeled more than once by symbols with different names then one name is chosen arbitrarily.
| void Rose::BinaryAnalysis::Partitioner2::Modules::labelSymbolAddresses | ( | const PartitionerPtr & | , |
| SgAsmInterpretation * | |||
| ) |
Give labels to addresses that are symbols.
Scans the specified binary container and labels those virtual addresses that correspond to symbols. This function does not create any functions in the partitioner, it only gives names to certain addresses. If the same address is labeled more than once by symbols with different names then one name is chosen arbitrarily.
| void Rose::BinaryAnalysis::Partitioner2::Modules::nameStrings | ( | const PartitionerConstPtr & | , |
| const AddressInterval & | |||
| ) |
Give labels to string constants.
Finds integer constants that are within the specified range of values and are the address if a C-style NUL-terminated ASCII string and adds a comment to the constant (if it had none previously) to describe the string. All instructions that are attached to the CFG/AUM are processed. The instructions are modified by attaching the comment, but the comments are not added to the partitioners address name map.
| std::vector< FunctionPtr > Rose::BinaryAnalysis::Partitioner2::Modules::findSymbolFunctions | ( | const PartitionerConstPtr & | , |
| SgAsmGenericHeader * | |||
| ) |
Finds functions for which symbols exist.
Scans the specified AST to find symbols that point to functions and makes a function at each such address. A function is made only if an instruction can be disassembled at the address. The return value is a sorted list of unique functions.
| std::vector< FunctionPtr > Rose::BinaryAnalysis::Partitioner2::Modules::findSymbolFunctions | ( | const PartitionerConstPtr & | , |
| SgAsmInterpretation * | |||
| ) |
Finds functions for which symbols exist.
Scans the specified AST to find symbols that point to functions and makes a function at each such address. A function is made only if an instruction can be disassembled at the address. The return value is a sorted list of unique functions.
| size_t Rose::BinaryAnalysis::Partitioner2::Modules::findSymbolFunctions | ( | const PartitionerConstPtr & | , |
| SgAsmGenericHeader * | , | ||
| std::vector< FunctionPtr > & | |||
| ) |
Finds functions for which symbols exist.
Scans the specified AST to find symbols that point to functions and makes a function at each such address. A function is made only if an instruction can be disassembled at the address. The return value is a sorted list of unique functions.
| void Rose::BinaryAnalysis::Partitioner2::Modules::nameConstants | ( | const PartitionerConstPtr & | , |
| const AddressInterval & | |||
| ) |
Gives names to constants in instructions.
Scans the entire list of attached instructions and give each constant integer expression a name if the value of the expression happens to be an address that has a name and lies within the interval.
| std::vector< FunctionPtr > Rose::BinaryAnalysis::Partitioner2::Modules::findNoopFunctions | ( | const PartitionerConstPtr & | ) |
Find functions that are no-ops.
Finds functions that are no-ops and returns them in ascending order of entry addresses.
| void Rose::BinaryAnalysis::Partitioner2::Modules::nameNoopFunctions | ( | const PartitionerConstPtr & | ) |
Give names to functions that are no-ops.
Scans the list of attached functions to find those whose only action is to return to the caller (via findNoopFunctions) and gives names to those that don't have names. The names are of the form "noop_ADDR() -> void" where ADDR is the hexadecimal entry address. The C++ trailing return type syntax is used so that functions can be easily sorted according to their names.
| boost::logic::tribool Rose::BinaryAnalysis::Partitioner2::Modules::isStackBasedReturn | ( | const PartitionerConstPtr & | , |
| const BasicBlockPtr & | |||
| ) |
Determine if basic block is a stack-based function return.
Determines whether the specified basic block is a function return by examining the semantics of the basic block. If at the end of the basic block, the instruction pointer has the same value as the value stored on-past-the-end of the stack it means that the basic block popped the next execution address from the top of the stack. Returns indeterminate if this property could not be determined, such as is the case when semantics are not enabled.
| SgAsmBlock * Rose::BinaryAnalysis::Partitioner2::Modules::buildBasicBlockAst | ( | const PartitionerConstPtr & | , |
| const BasicBlockPtr & | , | ||
| const FunctionPtr & | , | ||
| const AstConstructionSettings & | |||
| ) |
| SgAsmBlock * Rose::BinaryAnalysis::Partitioner2::Modules::buildDataBlockAst | ( | const PartitionerConstPtr & | , |
| const DataBlockPtr & | , | ||
| const AstConstructionSettings & | |||
| ) |
| SgAsmFunction * Rose::BinaryAnalysis::Partitioner2::Modules::buildFunctionAst | ( | const PartitionerConstPtr & | , |
| const FunctionPtr & | , | ||
| const AstConstructionSettings & | |||
| ) |
| SgAsmBlock * Rose::BinaryAnalysis::Partitioner2::Modules::buildGlobalBlockAst | ( | const PartitionerConstPtr & | , |
| const AstConstructionSettings & | |||
| ) |
Builds the global block AST.
A global block's children are all the functions contained in the AST, which in turn contain SgAsmBlock IR nodes for the basic blocks, which in turn contain instructions.
| SgAsmBlock * Rose::BinaryAnalysis::Partitioner2::Modules::buildAst | ( | const PartitionerConstPtr & | , |
| SgAsmInterpretation * | interp = NULL, |
||
| const AstConstructionSettings & | settings = AstConstructionSettings::strict() |
||
| ) |
Builds an AST from the CFG.
Builds an abstract syntax tree from the control flow graph. The returned SgAsmBlock will have child functions; each function (SgAsmFunction) will have child basic blocks; each basic block (SgAsmBlock) will have child instructions.
This function is the same as buildGlobalBlockAst except it also calls various AST fixup functions. Providing an interpretation allows more fixups to occur. Also, if interp is non-null then the returned global block is attached to the interpretation in the AST (any previous global block is detached but not destroyed).
| void Rose::BinaryAnalysis::Partitioner2::Modules::fixupAstPointers | ( | SgNode * | ast, |
| SgAsmInterpretation * | interp = NULL |
||
| ) |
Fixes pointers in the AST.
Traverses the AST to find SgAsmIntegerValueExpressions and changes absolute values to relative values. If such an expression is the starting address of a function then the expression will point to that function; else if the expression is the starting address of a basic block then the expression will point to that basic block; else if the expression is the starting address of an instruction then the expression will point to that instruction; else if the expression evaluates to an address inside a mapped section, then the expression will become relative to the start of the best section. Pointers into sections are only created if an interpretation is specified.
| void Rose::BinaryAnalysis::Partitioner2::Modules::fixupAstCallingConventions | ( | const PartitionerConstPtr & | , |
| SgNode * | ast | ||
| ) |
Fixes calling convention results.
This function uses the results of previous calling convention analysis to assign calling convention definitions to the functions in the specified AST. There's often more than one definition that matches the analysis results, and this fixup pass attempts to assign the best definitions. It does so by first ranking the definitions according to how often they match across all the functions known to the partitioner. Then, for each function in the specified ast, the we also get a list matching definitions (if a calling convention analysis has been run on that function). We copy into the AST that function's definition which has the highest global ranking.
1.9.8